Ray Kafity, Vice President, Middle East, Turkey and Africa at Attivo Networks, discusses why a prevention-only defence is no longer enough to ensure data and patients are safe from cybercriminals.
No industry is immune to hacking. In this digital age, no organisation can be considered as entirely safe from cybercriminals. As organisations invest in transformational technologies to streamline operations, maximise efficiencies and increase open communications, they are also introducing new gateways for criminals to enter their systems.
According to IDC Health Insights 2017, it is predicted that by 2021 the first US$1 million class-action lawsuit against a medical device manufacturer will be filed for negligence due to a cyberattack that led to the death of at least 25 patients connected to a network while in the hospital. The latest example of healthcare facilities falling victim to cyberattacks was the ‘WannaCry’ attack on the National Healthcare System in the UK.
The healthcare industry is a highly lucrative target; a single attack can yield data on hundreds to millions of people. Patients are often dealing with life-threatening conditions, which involves the exchange of large sums of money and a great deal of personal data. Hence, it is vital for healthcare organisations to invest in advanced cybersecurity solutions and move past traditional security controls in order to protect personal health information and the medical devices used for patient care.
Despite their best efforts, healthcare organisations can become overwhelmed by the task of protecting a complex attack surface and by the ongoing challenge of employing the best talent to protect their environments. The situation is compounded by the relentless targeting and advanced threats used against these organisations, and by the limited budgets available to stop these attacks.
Given the sophistication and aggressiveness of attackers, a prevention-only defence is no longer enough to keep data and patients safe. Building, maintaining and enhancing a highly robust, adaptive defence has risen to a top priority for every organisation. However, despite their best efforts, we still read every day about breaches at companies around the world.
What these breaches point to is an inability for organisations to reliably achieve 100% prevention. They must take a different approach or risk being breached and bearing a negative impact on their brand. Hence the global interest in deception technology, which is proving to be an exceptionally accurate and effective solution for detecting threats that have bypassed perimeter and anti-virus defences.
It is important, now more than ever, for healthcare organisations to transition from a defensive to an offensive strategy to stay ahead of cyberattacks. Deception technologies deliver early and accurate detection of in-network threats, reducing attacker dwell time and an organisation’s mean time to respond.
Nowadays, it is not a matter of ‘if’ you will be attacked but rather ‘how far’ an attacker can go. Attackers maintain an average of 99 days undetected within a network. Unfortunately, most traditional cybersecurity solutions are designed to operate on a known premise, meaning that the solution relies on existing attack data or a form of pattern matching to identify an attack.
Cybercriminals are growing more advanced and sophisticated by the minute. Hence, organisations need a cybersecurity solution that is designed to detect all variants of threats early in order to stop attackers in their tracks. This detection needs to be effective throughout all attack phases and must efficiently cover an ever-changing landscape of threats and a constantly evolving attack surface.
So one may ask: What is holding companies back from adopting deception-based detection technology?
- Deception is viewed as a nice-to-have, something to be done after other security priorities
- Deception is believed to be easy for an attacker to detect, and organisations are not sure whether it works on sophisticated human attackers
- Deception is believed to require highly skilled staff to deploy and operate
These are common myths that have been dispelled by customers who have adopted deception technology as their detection security control. With today’s advanced deception networks, the decoys use high-interaction deception and are based on real operating systems and services, which makes the devices appear identical to production servers.
Red teams have repeatedly been shown falling prey to deception assets, validating the authenticity and efficacy of the solution. The deployment and operationalisation of deception has also dramatically evolved over the last few years. The products available today have simplified operations and employ machine learning for further process automation.
The perception that has limited adoption the most boils down to whether deception is a ‘nice to have’ or a ‘need to have’. In this case, the question to ask becomes: ‘How confident are you in knowing what threats are in your network and whether they can hurt you?’
If there is any doubt in the answer, then deception delivers the technology required to answer that question. Organisations with highly sophisticated infrastructure and low thresholds for risk, as well as organisations with legacy technology and security gaps, will benefit from deception by knowing early and accurately when other security controls fail.
They will also see additional benefits in their ability to respond to attacks. Today’s distributed deception programs also empower automated attack analysis and incident response, enabling blocking, quarantine and threat hunting for the attacks discovered.
Taking into account human error, perimeter-less networks and advanced cyberattacks, we cannot fully rely on prevention methods anymore. Deception-based threat detection is a powerful weapon for security teams to protect their organisation’s assets and to know with confidence what is lurking in their network.